Collects information about your instances and the software installed on them.

Allows you to safely automate common and repetitive IT operations and management tasks across AWS resources.

Provides a browser-based interactive shell and CLI for managing Windows and Linux EC2 instances, without the need to open inbound ports, manage SSH keys, or use bastion hosts. Administrators can grant and revoke access to instances through a central location by using IAM policies.

Lets you schedule windows of time to run administrative and maintenance tasks across your instances.

SSM Agent is the tool that processes Systems Manager requests and configures your machine as specified in the request. SSM Agent must be installed on each instance you want to use with Systems Manager. On some instance types, SSM Agent is installed by default. On others, you must install it manually.

Capabilities

Automation

Allows you to safely automate common and repetitive IT operations and management tasks across AWS resources.

A step is defined as an initiated action performed in the Automation execution on a per-target basis. You can execute the entire Systems Manager automation document in one action or choose to execute one step at a time.

Concepts

Automation document – defines the Automation workflow.

Automation action – the Automation workflow includes one or more steps. Each step is associated with a particular action or plugin. The action determines the inputs, behavior, and outputs of the step.

Automation queue – if you attempt to run more than 25 Automations simultaneously, Systems Manager adds the additional executions to a queue and displays a status of Pending. When an Automation reaches a terminal state, the first execution in the queue starts.

You can schedule Systems Manager automation document execution.

Resource Groups

A collection of AWS resources that are all in the same AWS region, and that match criteria provided in a query.

Use Systems Manager tools such as Automation to simplify management tasks on your groups of resources. You can also use groups as the basis for viewing monitoring and configuration insights in Systems Manager.

After you create a package in Distributor, which creates a Systems Manager document, you can install the package in one of the following ways.

One time by using Systems Manager Run Command.

On a schedule by using Systems Manager State Manager.

Patch Manager

Automate the process of patching your managed instances.

Enables you to scan instances for missing patches and apply missing patches individually or to large groups of instances by using EC2 instance tags.

For security patches, Patch Manager uses patch baselines that include rules for auto-approving patches within days of their release, as well as a list of approved and rejected patches.

Maintenance Window

Set up recurring schedules for managed instances to execute administrative tasks like installing patches and updates without interrupting business-critical operations.

Supports running four types of tasks:

Systems Manager Run Command commands

Systems Manager Automation workflows

AWS Lambda functions

AWS Step Functions tasks

Systems Manager Document (SSM)

Defines the actions that Systems Manager performs.

Types of SSM Documents

| Type | Use with | Details |
|---|---|---|
| Command document | Run Command, State Manager | Run Command uses command documents to execute commands. State Manager uses command documents to apply a configuration. These actions can be run on one or more targets at any point during the lifecycle of an instance. |
| Policy document | State Manager | Policy documents enforce a policy on your targets. If the policy document is removed, the policy action no longer happens. |
| Automation document | Automation | Use automation documents when performing common maintenance and deployment tasks such as creating or updating an AMI. |
| Package document | Distributor | In Distributor, a package is represented by a Systems Manager document. A package document includes attached ZIP archive files that contain software or assets to install on managed instances. Creating a package in Distributor creates the package document. |

SSM documents can be written in JSON or YAML.

You can create and save different versions of documents. You can then specify a default version for each document.

If you want to customize the steps and actions in a document, you can create your own.

You can tag your documents to help you quickly identify one or more documents based on the tags you’ve assigned to them.

State Manager

A service that automates the process of keeping your EC2 and hybrid infrastructure in a state that you define.

A State Manager association is a configuration that is assigned to your managed instances. The configuration defines the state that you want to maintain on your instances. The association also specifies actions to take when applying the configuration.

Parameters work with Systems Manager capabilities such as Run Command, State Manager, and Automation.

Monitoring

SSM Agent writes information about executions, scheduled actions, errors, and health statuses to log files on each instance. For more efficient instance monitoring, you can configure either SSM Agent itself or the CloudWatch Agent to send this log data to CloudWatch Logs.

Using CloudWatch Logs, you can monitor log data in real-time, search and filter log data by creating one or more metric filters, and archive and retrieve historical data when you need it.

Log Systems Manager API calls with CloudTrail.
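A sketch of how CloudTrail records can be reviewed for Systems Manager calls that open shells or run commands on instances. This is an added example, not code from AWS; the sample records are constructed, and the set of watched event names is an assumption about what a reviewer cares about.

```python
import json
from collections import Counter

# Systems Manager API calls that open a shell or run commands on instances.
WATCHED = {"StartSession", "SendCommand", "StartAutomationExecution"}

# Constructed CloudTrail log file content for illustration (not real log data).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-01T10:00:00Z", "eventSource": "ssm.amazonaws.com",
     "eventName": "StartSession",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"target": "i-0aaa1111bbbb2222c"}},
    {"eventTime": "2024-01-01T10:05:00Z", "eventSource": "ssm.amazonaws.com",
     "eventName": "SendCommand",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"},
     "requestParameters": {"documentName": "AWS-RunShellScript",
                           "instanceIds": ["i-0aaa1111bbbb2222c", "i-0ddd3333eeee4444f"]}},
    {"eventTime": "2024-01-01T10:06:00Z", "eventSource": "ssm.amazonaws.com",
     "eventName": "StartSession", "errorCode": "AccessDeniedException",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"},
     "requestParameters": {"target": "i-0ddd3333eeee4444f"}},
    {"eventTime": "2024-01-01T10:07:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "requestParameters": None,
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"}},
]})


def ssm_activity(log_text):
    """Return one summary row per watched Systems Manager call in a CloudTrail log file."""
    rows = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "ssm.amazonaws.com" or rec.get("eventName") not in WATCHED:
            continue
        params = rec.get("requestParameters") or {}  # null when the call had no parameters
        targets = list(params.get("instanceIds") or [])
        if params.get("target"):
            targets.append(params["target"])
        rows.append({
            "time": rec.get("eventTime"), "action": rec["eventName"],
            "actor": (rec.get("userIdentity") or {}).get("arn", "unknown"),
            "document": params.get("documentName"), "targets": targets,
            "denied": rec.get("errorCode") in ("AccessDenied", "AccessDeniedException"),
        })
    return rows


def denied_by_actor(rows):
    """Count denied calls per principal; repeated denials are worth a closer look."""
    return dict(Counter(r["actor"] for r in rows if r["denied"]))
```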

Security

Systems Manager is linked directly to IAM for access controls.
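Because access to instance shells is granted through IAM policies, a policy that allows session or command actions on every instance is worth catching in review. The lint below is an added example, not AWS tooling; the two sample policies are constructed, and the tag key "Team" and its value are assumptions.

```python
import fnmatch

# Actions that give shell or command execution on managed instances.
EXEC_ACTIONS = ("ssm:StartSession", "ssm:SendCommand")

# Constructed policies for illustration; the tag key "Team" and its value are assumptions.
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AllOfSsm", "Effect": "Allow", "Action": "ssm:*", "Resource": "*"}]}
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Sid": "TaggedSessions", "Effect": "Allow", "Action": ["ssm:StartSession"],
     "Resource": ["arn:aws:ec2:*:*:instance/*"],
     "Condition": {"StringLike": {"ssm:resourceTag/Team": ["WebServers"]}}},
    {"Sid": "OwnSessions", "Effect": "Allow",
     "Action": ["ssm:TerminateSession", "ssm:ResumeSession"],
     "Resource": ["arn:aws:ssm:*:*:session/${aws:username}-*"]}]}


def _as_list(value):
    # IAM allows a single string or object where a list is also accepted.
    return value if isinstance(value, list) else [value]


def _tag_scoped(condition):
    """True when any condition key restricts the grant by resource tag."""
    keys = [k.lower() for block in (condition or {}).values() for k in block]
    return any(k.startswith(("ssm:resourcetag/", "aws:resourcetag/")) for k in keys)


def broad_ssm_grants(policy):
    """Heuristic lint: Allow statements that grant session or command access to
    every instance with no tag condition. Deny and NotAction are not evaluated."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue
        patterns = [p.lower() for p in _as_list(stmt["Action"])]
        granted = sorted(a for a in EXEC_ACTIONS
                         if any(fnmatch.fnmatchcase(a.lower(), p) for p in patterns))
        wide = any(r == "*" or r.endswith(":instance/*")
                   for r in _as_list(stmt.get("Resource", [])))
        if granted and wide and not _tag_scoped(stmt.get("Condition")):
            findings.append((stmt.get("Sid", f"statement[{i}]"), granted))
    return findings
```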

Pricing

For your own packages, you pay only for what you use. Upon transferring a package into Distributor, you will be charged based on the size and duration of storage for that package, the number of Get and Describe API calls made, and the amount of out-of-Region and on-premises data transfer out of Distributor for those packages.

You are charged based on the number and type of Automation steps.

Limits

| Resource | Default Limit |
|---|---|
| Total amount of Automation execution time per month | Systems Manager will process a maximum of 1,000,000 seconds of Automation executions for each AWS account and in each AWS Region per month. |
| Total number of Automation step executions per month | Systems Manager will process a maximum of 25,000 steps in Automation workflows for each AWS account and in each AWS Region per month. |
| Concurrently executing Automations | Each AWS account can execute a maximum of 25 Automations at one time. Concurrent executions greater than 25 are automatically added to an execution queue. |
| Additional Automation executions that can be queued | 75 |
| Maximum duration an Automation execution can run when running in the context of a user | If you expect an Automation to run longer than 12 hours, then you must execute the Automation by using a service role. |
